Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2021-26109

An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.

  • Published: Dec 8, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-26109
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
fortinet / fortios 7.0.0 7.0.0.x
fortinet / fortios 6.2.0 6.2.9.x
fortinet / fortios 6.0.0 6.0.12.x
fortinet / fortios 6.4.0 6.4.5.x